m-mohr
commented
5 years ago I don't see many of the cons as cons - regexp speed is not a problem for example - but overall I'm neutral.
Closed christophfriedrich closed 5 years ago
m-mohr
commented
5 years ago I don't see many of the cons as cons - regexp speed is not a problem for example - but overall I'm neutral.
mkadunc
commented
5 years ago I agree with removing this, primarily because of SSOT and 4th bullet in the Con section above.
Validation in the client API only makes sense in so far as it produces a different result than the alternative (which is validation on the server-side) - eagerly checking parameters in a function only to have them checked again further down the stack is just extra code for no apparent gain.
If the regex-checking code was auto-generated from the API schema, it might make sense to have this on the client, until then I suggest to go with the least possible code duplication.
christophfriedrich
commented
5 years ago Thanks for your feedback Miha, that was the last impulse to make me remove it. This issue will auto-close once that commit is merged into the main repo's master branch.
christophfriedrich
commented
5 years ago Meanwhile that commit has been merged into the development branch here.
For example, a collection name must pass the regex
^[A-Za-z0-9_\-\.~\/]+$, so I implemented a regex in thedescribeCollectionmethod that checks whether the user-suppliednameparameter adheres to it.Pro:
Con:
~is removed from allowed characters) the client needs updating too, and this kind of change is hard to spot/may be forgotten easily/collectionsand therefore be valid anyways (i.e.: it's not really user input)namewas incorrect/collectionsand passed intodescribeCollectionand fails the test, it may be invalid according to the spec -- but nevertheless the back-end is using it and our lib would be in the way of making that work. (Ok, when it's invalid it's there own fault, but still.)Therefore I'm considering to remove that regex.